HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
Task: {62F68093-387F-44C4-BAA6-2D6C1BC20A46} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B8D715F9-DF6C-4E6F-B339-4A329B7F671E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {777D093A-F2E0-424F-AE14-09340FF8CBC4} - System32\Tasks\update-S-1-5-21-1315945748-2372567203-217578743-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: )
Task: {82AE6A3B-F6C3-4E07-9583-95E560E68774} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: )
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1315945748-2372567203-217578743-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
C:\Program Files (x86)\Skillbrains
FF HKLM\...\Firefox\Extensions: [{8A0D66E3-1C08-49A6-8F6C-7E024029D199}] - C:\Program Files (x86)\Norton Family\Engine\3.7.1.35\Exts\{8A0D66E3-1C08-49A6-8F6C-7E024029D199}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{8A0D66E3-1C08-49A6-8F6C-7E024029D199}] - C:\Program Files (x86)\Norton Family\Engine\3.7.1.35\Exts\{8A0D66E3-1C08-49A6-8F6C-7E024029D199}.xpi => not found
CHR Extension: (Norton™ Family) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2018-09-20]
S3 semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [X]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-06-29] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
AlternateDataStreams: C:\Users\Public\AppData:CSM [468]
AlternateDataStreams: C:\Users\User\Downloads\452.06-desktop-win10-64bit-international-whql.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\User\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\User\Downloads\JavaSetup8u261.exe:SmartScreen [7]
MSCONFIG\Services: DSAService => 2
MSCONFIG\Services: DSAUpdateService => 3
MSCONFIG\Services: LMIGuardianSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKU\S-1-5-21-1315945748-2372567203-217578743-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
FirewallRules: [{1247570F-6596-4257-9247-BA6188FA8861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\COMBAT ARMS THE CLASSIC\NMService.exe => No File
FirewallRules: [{7EDC78A0-8274-4A32-BC76-F491B4692292}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\COMBAT ARMS THE CLASSIC\NMService.exe => No File
FirewallRules: [UDP Query User{E1DF57E1-A9D5-405F-B7E0-BFE1973FDD0A}C:\program files (x86)\starcraft ii\versions\base80188\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base80188\sc2_x64.exe => No File
FirewallRules: [TCP Query User{21AB142A-9469-418C-A130-F1C1D4734899}C:\program files (x86)\starcraft ii\versions\base80188\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base80188\sc2_x64.exe => No File
FirewallRules: [UDP Query User{5BDB2534-1DDE-44A3-A46C-46C1F74DDF4A}C:\users\user\appdata\local\deskforcephone\deskforcephone.exe] => (Allow) C:\users\user\appdata\local\deskforcephone\deskforcephone.exe => No File
FirewallRules: [TCP Query User{DB0E7C88-58E1-445F-B3E2-E74D0F13ECF2}C:\users\user\appdata\local\deskforcephone\deskforcephone.exe] => (Allow) C:\users\user\appdata\local\deskforcephone\deskforcephone.exe => No File
FirewallRules: [{77335E48-D368-4F67-A168-0BD9136D13B7}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe => No File
FirewallRules: [{320DB5C1-1AB3-476A-9C5A-075E9D13E8E2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe => No File
FirewallRules: [{DA24ED28-2E6D-44E0-B6AE-20C27A00DF69}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{3CE818A5-47CE-4DAD-A84C-B8A5EAC1A07C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{F075CBF0-F365-4B8A-A093-D3969DB6F7BF}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{360AB6CD-656A-4350-8219-AB5BD060B463}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{EAB40C64-7ACF-4E62-BEF7-E2968407B23F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{82252EBC-7521-4AAA-99E5-8FEFE6CD1F41}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
CHR HomePage: Default -> hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0D0Azzzz0AtBtD0DtByCzztN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=194304021
CHR StartupUrls: Default -> "hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0D0Azzzz0AtBtD0DtByCzztN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=194304021","hxxp://www.searchnu.com/406","hxxps://www.google.co.il/?gws_rd=ssl","hxxps://www.google.com/"
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
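Added verification script, not part of the post above and not produced by FRST: after the fix and reboot, it re-checks every artifact the fixlist targets (the Run value, the four scheduled tasks and two .job files, the Skillbrains folder, the Firefox and Chrome extension entries, the two driver service keys, the MEGA shell extensions, the alternate data streams, the StartupApproved entries, the firewall rules, and the Chrome homepage/startup URLs) and lists anything still present. Names and paths are copied from the fixlist; how FRST's labels map to registry locations (HKLM-x32 = WOW6432Node, ContextMenuHandlers1-4 = the shellex keys under the listed Classes roots) is my reading and is an assumption. The `hxxp` URLs are defanged, so the script matches on the hostnames instead. One caveat on the last CMD line: `wevtutil cl` over every log wipes the event logs, so export anything you still want from them before running the fix; this script does not depend on them.

```powershell
# Added post-fix check for the FRST fixlist above (not the poster's or FRST's code).
# Run from an elevated PowerShell prompt after the reboot with Chrome closed.
# Registry locations are my mapping of FRST's labels and are assumptions.
$ErrorActionPreference = 'SilentlyContinue'
$left = New-Object System.Collections.Generic.List[string]

function Check-Path([string]$label, [string]$path) {
    if (Test-Path -LiteralPath $path) { $left.Add("$label still present: $path") }
}
function Check-Value([string]$label, [string]$key, [string]$name) {
    # Get-ItemProperty -Name returns nothing (no exception) when key or value is gone
    if ($null -ne (Get-ItemProperty -LiteralPath $key -Name $name)) { $left.Add("$label still present: $key\$name") }
}

# Run key (FRST "HKLM-x32" = WOW6432Node) and the StartupApproved state entries
Check-Value 'Run value' 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run' 'Lightshot'
$sa = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved'
Check-Value 'StartupApproved' "$sa\Run32" 'Lightshot'
Check-Value 'StartupApproved' "$sa\Run32" 'Intel Driver & Support Assistant'
Check-Value 'StartupApproved' "$sa\StartupFolder" 'AnyDesk.lnk'
Check-Value 'StartupApproved' "$sa\StartupFolder" 'McAfee Security Scan Plus.lnk'
Check-Value 'StartupApproved' 'Registry::HKEY_USERS\S-1-5-21-1315945748-2372567203-217578743-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run' 'CCleaner Smart Cleaning'

# Scheduled tasks (System32\Tasks\<name> = root task path "\") and the legacy .job files
$tasks = @(
    @{ Path = '\Microsoft\Windows\UNP\'; Name = 'RunCampaignManager' },
    @{ Path = '\'; Name = 'IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473' },
    @{ Path = '\'; Name = 'update-S-1-5-21-1315945748-2372567203-217578743-1001' },
    @{ Path = '\'; Name = 'update-sys' }
)
foreach ($t in $tasks) {
    if (Get-ScheduledTask -TaskPath $t.Path -TaskName $t.Name) { $left.Add("Task still registered: $($t.Path)$($t.Name)") }
}
Check-Path 'Task file' 'C:\WINDOWS\Tasks\update-S-1-5-21-1315945748-2372567203-217578743-1001.job'
Check-Path 'Task file' 'C:\WINDOWS\Tasks\update-sys.job'

# Files, folders, browser extensions and driver service keys
Check-Path 'Folder' 'C:\Program Files (x86)\Skillbrains'
Check-Path 'Chrome extension' 'C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp'
foreach ($k in 'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions', 'HKLM:\SOFTWARE\WOW6432Node\Mozilla\Firefox\Extensions') {
    Check-Value 'Firefox extension' $k '{8A0D66E3-1C08-49A6-8F6C-7E024029D199}'
}
Check-Path 'Driver service key' 'HKLM:\SYSTEM\CurrentControlSet\Services\semav6msr64'
Check-Path 'Driver service key' 'HKLM:\SYSTEM\CurrentControlSet\Services\Hamachi'

# MEGA shell extensions; the key names really do start with a space, as FRST shows
foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer',
                  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer') {
    foreach ($n in ' MEGA (Pending)', ' MEGA (Synced)', ' MEGA (Syncing)') {
        Check-Path 'Icon overlay' "$root\ShellIconOverlayIdentifiers\$n"
    }
}
foreach ($cls in '*', 'Directory', 'Directory\Background', 'Drive', 'Folder') {   # assumed roots for ContextMenuHandlers1-4
    Check-Path 'Context menu handler' "HKLM:\SOFTWARE\Classes\$cls\shellex\ContextMenuHandlers\MEGA (Context menu)"
}

# Alternate data streams listed in the fixlist
$ads = @{
    'C:\Users\Public\AppData'                                                      = 'CSM'
    'C:\Users\User\Downloads\452.06-desktop-win10-64bit-international-whql.exe'    = 'SmartScreen'
    'C:\Users\User\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe'     = 'SmartScreen'
    'C:\Users\User\Downloads\JavaSetup8u261.exe'                                   = 'SmartScreen'
}
foreach ($f in $ads.Keys) {
    if (Get-Item -LiteralPath $f -Stream $ads[$f] -Force) { $left.Add("ADS still present: ${f}:$($ads[$f])") }
}

# Firewall rules: the persisted rule strings carry the program path after "App="
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
foreach ($p in (Get-ItemProperty -LiteralPath $fwKey).PSObject.Properties) {
    if ($p.Value -match 'NMService\.exe|sc2_x64\.exe|deskforcephone\.exe|UbisoftGameLauncher\.exe|AnyDesk\.exe') {
        $left.Add("Firewall rule still present: $($p.Name)")
    }
}

# Chrome homepage and startup URLs live in the profile's Preferences JSON
$prefs = 'C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences'
if (Test-Path -LiteralPath $prefs) {
    $j = Get-Content -LiteralPath $prefs -Raw | ConvertFrom-Json
    foreach ($u in (@($j.homepage) + @($j.session.startup_urls))) {
        if ($u -match 'searchfunmoods\.com|searchnu\.com') { $left.Add("Chrome still points at: $u") }
    }
}

if ($left.Count -eq 0) { 'Nothing from the fixlist remains.' } else { $left }
```

Anything the script prints is a leftover to feed back into a second fixlist; an empty result means every item the fix named is gone, which is the condition under which the helper would normally ask for a fresh FRST scan.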